CIOs Seek Ways to Replace Legacy Systems

With critical government systems reaching the end of the road, CIOs seek replacement strategies.

Former Oracle executive Kristin Russell used to be in charge of all the company’s data centers and worldwide computer operations. She was accustomed to technology being replaced every three to five years, a norm in the private sector. So when she decided to join Colorado Gov. John Hickenlooper’s administration earlier this year to serve as the state’s secretary of technology and CIO — her first government job — she was shocked by the condition of the state’s computer systems.

She learned that Colorado’s unemployment benefits system is 25 years old, its tax system is 23 years, and its titling system is 26 years old. And a recent audit found that the state’s financial reporting system, which processes $36 billion in expenditures annually, is at risk of failure. Russell’s discoveries confirmed an analysis two years ago of 200 of Colorado’s IT systems, which found that 77 of the state’s IT systems were more than 15 years old, and half had been around for at least a decade.

Many of these computer systems are coded in antiquated computer languages known only by the most senior of personnel — many of whom are set to retire in the next few years. The companies that built these systems in the first place no longer support them because the technology is so old, which drives up support costs with each passing year.

The situation has left Russell to wonder exactly how long her state can continue to scrape by. She likened state government’s systems to a consumer who is trapped in the past. The rest of the world has moved on to iPods and high-definition TV, but state governments continue to run eight-tracks and black-and-white sets.

There’s a growing sense that states like Colorado have run out of time, and that replacing these decrepit systems is a necessity, not a choice. Russell is among the optimists who believe that state governments can find a way to replace their old systems, even though funding appropriated by state legislatures and the federal government to do the necessary upgrades likely will be limited. Achieving success will require news ways of thinking and a willingness to work together.

“Being in IT and the high-tech industry my entire career, the big approach to brand-new systems has been tried out many times with increasingly disastrous results in terms of cost expenditures and failures,” she said. The “light switch” type of approach to system design and implementation is passé. “We need constant evolution to be in a better place than where we are today, and reliance on and help from the private sector and third-party vendors to help get there.”

CIOs like Russell are encouraged that states are working on developing systems that they can share. The thinking is that by banding together, these “multistate” systems can be updated as time goes on, helping to avoid the current problem of outdated computer systems. It also might be significantly cheaper.

Old and Older

Colorado’s computer systems — old as they are — aren’t out of line compared to other state governments. Rather, national data show that Colorado’s oldest systems — the ones Russell said are more than two decades old — are in the middle of the pack among systems operated and maintained by other state governments.

A study of states’ unemployment insurance (UI) systems made public last year by the National Association of State Workforce Agencies reported that most of them were first built in the 1970s and 1980s, and haven’t been modernized significantly since then. These systems, which collect unemployment taxes from employers and determine eligibility and pay unemployment benefits to workers, are in many cases considered separately as “tax systems” and “benefits systems.” A state government’s average benefits system, as of last year’s data, is 22 years old, while the average tax system is 24 years old, according to the study. The oldest of these systems, as of 2010, were 41 and 42 years old, respectively. Only eight states had modernized their systems, meaning they can fully support Web-based features and current database technology.

The numbers don’t improve much for other types of systems. This year the Center for Digital Government, owned by Public CIO’s parent company, e.Republic, surveyed 15 states about the status of their Medicaid Management Information Systems (MMIS), which do eligibility determination and claims processing for health-care coverage. Three states said their MMIS is more than 30 years old, and another four said theirs was more than two decades old. Two states reported that theirs was more than 10 years old. Massachusetts, New York, Oregon, Tennessee, Kansas and Alabama said their MMIS was less than 10 years old.

Before and after the Y2K scare, many states installed new enterprise resource planning (ERP) systems, which integrate a variety of business information, such as accounting and human resources data across a government. But 10 years later, even some of these systems are beginning to show their age. Several states are still running financial systems — which are often a part of the ERP — that were first implemented in the 1980s or 1990s, and may not have been heavily customized since then.

Old systems are found in all state governments, irrespective of geography. New Jersey’s payroll system, for example, dates back to 1969, and the state’s Motor Vehicle Commission uses a mainframe system that’s 30 years old — prompting New Jersey Gov. Chris Christie to float a $60 million plan for upgrades. Meanwhile, Arizona’s state financial system, which is used by 90 percent of the state’s agencies, is 25 years old. It runs on an IBM mainframe and uses the old COBOL and DB2 programming languages. Arizona has hired a consulting firm to help upgrade to an ERP system.

Utah’s MMIS is more than 20 years old and also runs on COBOL. “That’s the one we’re looking at [modernizing],” said Utah CIO Steve Fletcher. “The federal government pays for 90 percent of it, but it’s still very expensive — $120 million to build a new system.”

Installing new modules in the old MMIS is difficult for Utah to do, Fletcher said, because it’s trying to force COBOL to do something it wasn’t designed for. To make matters worse, the people who know how to code in COBOL are disappearing as they reach retirement age. “You spend an inordinate amount of time coding it and you spend an inordinate amount of time testing it. The cost for development becomes rather exorbitant,” Fletcher said.

Delaware CIO Jim Sills said the state’s top 11 mainframe systems average more than 20 years old and nearly half of those systems need to be replaced. Supporting those systems is difficult because the technology is old and so are the people who know how to maintain them. “I call it the ‘silver tsunami,’ a maturing workforce that will not be around to support these systems,” he said.

The looming wave of retirements expected among senior IT staff is no secret, as it’s been projected for years. A study released in January by NASCIO concluded that CIOs expect as much as 30 percent of their staffs to be eligible to retire within the next five years.
A loss of expertise is only one of several factors making system replacement an urgent priority. Other motivators are the promise of improved security and upgraded systems capable of pushing data out in order to support transparency.

Overdue and Necessary

Dave Andrews, who heads Accenture’s state and local government ERP practice, has been in the business since the 1980s. As the years went by, he came to believe that state governments would get a maximum of 20 years from their big systems. In reality, states held out even longer. “Would somebody out there be surprised to learn that there are systems that are 30 years old running the business of government? Yeah, that would surprise people,” Andrews said. The general public would be amazed by the amount of paper that still flows through government, and the “green screen” computer terminals still relied upon for back-office work, he said.

“We’re not replacing systems that are client-server or Web-based systems. We’re still replacing the mainframe systems,” Andrews said. He made the observation as he was visiting Richmond, Va., to meet with the controller about a 30-year-old KPMG green-screen system that’s still utilized by the agency.

Besides pure curiosity, why should the public care about these old systems?
One reason is that they have a real impact on delivering services to citizens. Doug Robinson, the executive director of NASCIO, called old UI systems the “poster child” for why modernization is important. The economic recession caused an overwhelming spike in unemployment claims, and the increased demand crashed states’ back-end databases and websites. New York, Florida and Ohio were among the states that fell victim to the surge. A modern system, perhaps using cloud computing, would’ve been able to cope with that elasticity and scale, Robinson said.

Old systems running on ancient programming languages also struggle to accommodate changing business requirements or legislative mandates. Modifications can require weeks or months of programming time — causing delays that can draw the ire of lawmakers and the public. California’s Employment Development Department experienced the real-world consequences legacy systems can have, when in 2009, Congress repeatedly extended the length of time individuals could draw unemployment benefits. Each extension required line-by-line coding changes in the department’s 1970s-era UI system. During one particularly complex change, unemployment checks were delayed for weeks as COBOL programmers toiled over the modifications.

Money Matters

Billions of dollars are needed to modernize states’ computer systems. One phenomenon that’s happening — given that budgets are stretched thin — is that unemployment insurance (UI), Medicaid Management Information Systems (MMIS) and enterprise resource planning (ERP) are competing for funding, said Dave Andrews, who leads Accenture’s state and local government ERP practice.

The sputtering economy has put more workload onto UI systems simply because more unemployed workers are seeking benefits. MMIS reform also is viewed as a bigger priority than it once was because of the Barack Obama administration’s focus on health-care reform.

Consequently back-end systems like ERP might be a lower priority right now in the eyes of lawmakers. For this reason, Andrews said ERP might be the third in line behind UI and MMIS, which are citizen-facing. Roughly a third of the states haven’t modernized their ERP systems since the mid-1990s, Andrews said. Those states want to upgrade their ERP, but they don’t have the money to do so.

No matter where money is spent, many state CIOs are clamoring for change on how the systems are funded by the federal government. Specifically states want more “administrative flexibility” on the requirements attached to IT dollars spent on federally funded, state-administered programs like UI and MMIS. The Obama administration recently ordered federal agencies to review these rules and alter them where appropriate.

Doug Robinson, executive director of NASCIO, said funding rules should encourage collaboration, but the current rules have the reverse effect. States now receive less federal funding if they share systems. It’s relatively easy, in some cases, to get the upfront capital from the federal programmatic agencies for a new system, Robinson said, but trying to replace them is tougher because of the funding rules. That’s one reason states are holding on to aging systems.

Utah CIO Steve Fletcher said the feds should find a way to let states share technology, therefore cutting costs for everyone. “There should be a better way to approach this rather than build it 50 times, because it’s pretty much the same system in all 50 states. Build it once and distribute it,” Fletcher said. “They don’t incentivize states to do the sharing.”

Another drawback of old systems is security. Assuring the code on a legacy system can be done, but it’s difficult. They were built before the advent of the Internet, so they were never intended to be connected online. “So you have that classic ‘lipstick on a pig’ situation where you put that Web service presentation layer in front of an old legacy environment,” Robinson said. “That can cause added complexity and offers weaker security than a modern application portfolio with seamless security built in since day one.”

Andrews and Russell added that legacy systems also don’t have the functionality needed to provide good data reporting, and have a tendency to hide data so that it never finds the light of day. Old systems can hinder government transparency. “We have data across all these disparate systems, but because they’re old and because we haven’t implemented newer technologies that have this functionality, it sits in those systems,” Russell said, “and we’re not able to pull the data to make better business decisions on behalf of providing services.”

“Technology is a predictor for how we do business, and if we’re not changing that technology, then we do business the same way we’ve always done it,” she added.

The Future

The appetite for upgrades to legacy systems appears to be present. An annual survey of state CIOs released in October from NASCIO said that more than half of the respondents were planning to replace their state’s legacy MMIS as health-care reform continues forward. But this effort will require major federal funding, according to NASCIO, and “getting those funds from federal government with its own budget problems could be problematic.” The Center for Digital Government’s MMIS survey found that five states are in the RFP planning process and six states said they will be completely replacing their existing legacy MMIS.

A 2009 Gartner research brief reported that some type of ERP activity was under way in 27 of 37 states surveyed, whether that be planning or a recent implementation. States were planning to spend from $30 million to $120 million on ERP, depending on the scope of the project and the state’s size. But some of these ERP projects were put on hold as states ran into financial hardship the past few years. Now there are two or three RFPs coming out each year, suggesting that ERP implementations have slowed.

The will is there, so what does the future look like? The consensus seems to be that states can no longer afford to develop new systems or modernize existing ones on their own.

The price tag is too high, and it takes too long. Furthermore, state-to-state, their systems share most of the same functionality, so developing systems that are shared among multiple states is feasible. A new model centered on “multistate consortia” is emerging that may be the way forward for replacing MMIS, UI and other big-ticket systems.

A few years ago, in the wake of the recession that stretched state UI systems beyond their limits, the U.S. Department of Labor awarded seed money to study the feasibility of shared UI systems that could be used by multiple states. The money also went toward writing requirement sets and laying the groundwork for states to work together. That effort has now reached the development phase after the Department of Labor awarded $128 million in September to three consortia of states that are planning to share a single UI system.

The consortia are arranged geographically. Arizona, Colorado, North Dakota and Wyoming are working together, as are Georgia, North Carolina, South Carolina and Tennessee. A third consortium is also starting among Maryland, West Virginia and Vermont.

When you combine four states, the collection of expertise gets them to the critical mass they need for a successful project. There’s very rarely one state that has enough staff versed in COBOL, Java and Oracle — but together, they do. “They have demonstrated that the pulling together of resources has had an enormous benefit — it really has,” said Lou Ansaldi, technology director of the Information Technology Support Center, which is affiliated with the National Association of State Workforce Agencies.

These states could have a shared benefits system that’s workable in as little as two to four years, according to the association. “I think this really is the way forward. We’ve scrutinized all aspects, and we think it does make the most sense,” Ansaldi said.

But there are still obstacles to overcome, and Robinson said those barriers tend to involve policy rather than technology. There are jurisdictional issues that need to be clarified. States, in some cases, have starkly different business rules, which will make using a shared system more difficult. Some states also have restrictions on cost recovery such that they couldn’t operate a shared system and charge other states a fee for using it, Robinson added. Also, it remains to be seen how these shared systems will be procured and managed. Will a consortium manage a system together, or will one state take the lead? But overall, these hurdles haven’t dampened enthusiasm for the concept.

“Clearly there is more interest in these multistate endeavors, particularly around the common functions that all states need to do — which would be ideal for a shared service operated by one state,” Robinson said. Similar to the UI consortia that are already under way, a few state CIOs such as Utah’s Fletcher have been pushing for support on shared MMIS. A coalition of western states is also going in together on an RFP for shared storage of GIS data — Colorado is one of them.

The multistate systems are one part of Colorado’s larger plan to update its legacy systems. Russell believes her state must also look within, at how it manages, budgets for and prioritizes its oldest computer systems. She doesn’t want any more “one-off” development of big, monolithic IT systems that can’t be upgraded as needs change.

Russell’s trying to get lawmakers, who hold the purse strings, to think about the sustainability of IT — and that means including ongoing maintenance, disaster recovery and security into the cost estimate of any new project. She plans to put forth new legislation that would codify this forward-looking strategy in Colorado. “What happens is that people get really fixated on the shiny new ball rolling across the table, and then they build the system and forget that grant funding ran out and they don’t know how to support it,” Russell said. “And that is why the systems get old.”

Russell also plans to build out a “comprehensive risk index” for all of the state’s IT systems — new and old. Each system will be assigned a numerical score, like a person’s cholesterol number or maybe a golf score. The higher the number, the worse off the system is. Russell wants this ranking number to dictate what system replacements are funded first and which are pushed down the list for later. The arithmetic will include the age of the system, what software it runs on and how secure it is. The business case also will be considered: Just because a system is old won’t necessarily mean it should be replaced right away.

The idea is to have a systemic picture of all of Colorado’s systems so that lawmakers can make informed funding decisions. Russell wants the state to have the necessary information to make proactive decisions instead of reacting after a system goes down. “We have a plan to not just solve the current problem,” she said, “but to solve the root cause of how we got here.”